Hi everyone,
not sure if I'm in the right forum area, so maybe a mod wants to move this.
Is it possible to 'track' actions that are done in a jail where an sshd server is running and offering root access (so of course no root access directly in the sshd, but after login su/sudo is possible).
The security level is low in the jail, so I have options for chflags in the host, but doing an sappend on e.g. .history is senseless as one can do a history -c or crashing the current session, so that nothing is written at all.
The sudoers file has a schg flag, so maybe sudoers/su is offering something like this? (So that at least the elevated commands are tracked?)
I'm wondering ho to implement some kind of options to see afterwards what one has done on the jailed shell. Any ideas for that?
not sure if I'm in the right forum area, so maybe a mod wants to move this.
Is it possible to 'track' actions that are done in a jail where an sshd server is running and offering root access (so of course no root access directly in the sshd, but after login su/sudo is possible).
The security level is low in the jail, so I have options for chflags in the host, but doing an sappend on e.g. .history is senseless as one can do a history -c or crashing the current session, so that nothing is written at all.
The sudoers file has a schg flag, so maybe sudoers/su is offering something like this? (So that at least the elevated commands are tracked?)
I'm wondering ho to implement some kind of options to see afterwards what one has done on the jailed shell. Any ideas for that?